Systems and methods for access control

ABSTRACT

The disclosure describes various systems and methods for access control. One such method includes providing an access control module that includes a base portion and an update portion. The update portion is electrically coupled to the base portion via a detachable electrical connector, and wherein operation of the access control module is based at least in part on an interaction between the base portion and the update portion.

BACKGROUND

The present invention is related to systems and methods for providingsecurity, and in particular to systems and methods for controlled accessusing distributed access control system.

In a typical installation, wireless access to access points in anestablishment is provided by installing access control readers inrelation to respective doors that are wired to a centralized controlstation. In such systems, credentials are issued which communicates withthe access control readers to provide access with the respective doors.To update access control, the readers are typically replaced with newermodels and new credentials are issued for operation in relation to thenew readers. This can be a costly undertaking and may require that allissued credentials be gathered and replaced at once. Furthermore,retrofitting existing buildings with access control can be costly wherea wired link to the centralized control station is utilized.

Thus, for at least the aforementioned reasons, there exists a need inthe art for advanced systems and method for access control. Thedisclosure describes various systems and methods for access control. Onesuch method includes providing an access control module that includes abase portion and an update portion. The update portion is electricallycoupled to the base portion via a detachable electrical connector, andwherein operation of the access control module is based at least in parton an interaction between the base portion and the update portion.

BRIEF SUMMARY

The present invention is related to systems and methods for providingsecurity, and in particular to systems and methods for controlled accessusing distributed access control system.

One or more embodiments of the present invention provide methods fordecentralized access control. Such methods include providing an accesscontrol module that is capable of operating at least two carrierfrequencies. In addition, two or more access credentials are providedthat operate at one or more of the carrier frequencies. In someinstances, the access control module includes a base portion and anupdate portion. The methods may include modifying the functionality ofthe access control module by replacing the update portion with anotherupdate portion. In various instances, the access control module includesa processor and a computer readable medium. In such instances, thecomputer readable medium includes a set of instructions executable bythe processor. In such instances, the methods may include updating theaccess control module by reprogramming the computer readable medium toinclude a different set of instructions executable by the processor.This reprogramming may be done by, but is not limited to, wirelesslycommunicating with the access control module via the first carrierfrequency, wirelessly communicating with the access control module viaan infrared link, and electrically communicating with the access controlmodule via a wired link.

In some cases, one of the access credentials operates at a carrierfrequency or group of carrier frequencies different from that of anotherprovided access credential. In various cases, the access control moduleis deployed near an access point. Such an access point may be, forexample, a door or other apparatus used to control access. In somecases, the access control module is wirelessly coupled to a centralizedcontrol system, and the centralized control system indicates a pluralityof access credentials that are authorized to access the access point. Inone or more cases, the methods effectuate a credential migration. Thiscredential migration may include replacing one provided accesscredential with another access credential. In other cases, the methodsdifferentiate between authorized access groups by allowing access on onecarrier frequency to one group, and on another carrier frequency toanother group. In some such cases, credentials operating at one carrierfrequency are issued by one entity to the group accessing via theparticular carrier frequency, and credentials operating at the othercarrier frequency are issued by another entity to the group accessingvia the other carrier frequency.

Other embodiments of the present invention provide access controldevices. Such access control devices include an access control modulewith a base portion and an update portion. The update portion iselectrically coupled to the base portion via a detachable electricalconnector, and operation of the access control module is based at leastin part on an interaction between the base portion and the updateportion. In some cases, such access control devices can be stand alonedevices, while in other cases such access control devices may becommunicably coupled to a centralized control system. Further, in somecases the base module may include a flash read only memory that ismodifiable when the access controller is deployed local to an accesspoint. In one or more cases, the base portion includes one processor,and the update portion includes another processor. In one particularinstance, the base portion includes a processor and a computer readablemedium with two or more sets of instructions executable by theprocessor. The update portion includes a hardware selector that selectsbetween sets of instructions that are executed by the processor.

Yet other embodiments of the present invention provide methods formigrating access control. The methods include providing an accesscontrol module that is operable to receive communications at two or morecarrier frequencies. The methods further include providing a credentialoperable to communicate at one carrier frequency to replace an earlierprovided credential that operates at a different carrier frequency. Insome instances, the access control module includes a base portion and anupdate portion. The update portions is tailored for operation with aparticular credential, and the methods further comprise replacing theupdate portion with another update portion that is tailored foroperation with a replacement credential.

Yet other embodiments of the present invention provide contactlessaccess control systems. Such systems include a modular component groupthat includes two distinct active components. At least one of the activecomponents implements a battery powered locking system. In some cases,the battery power is used to eliminate the need to provide wired powerto the control system. In various cases, one of the active components isfixed in relation to a mounting surface, and the other active componentis removable. In one or more cases, the removable active component isreplaceable by another active component. In one particular case, thefixed component includes a printed circuit board (“PCB”) that isoperable to implement wireless access. In some cases, the removableactive component may be, but is not limited to, a PCB operable toimplement wireless access, a PCB operable to implement a keypad, and adongle operable to implement infrared communications with the firstcomponent.

Yet further embodiments of the present invention provide systems forcontactless access control that include a modular component group withtwo or more sub-components where at least one of the sub-componentsimplements access control in relation to a time and attendance function.In some cases, the time and attendance is related to determining whenemployees are at work, or students are in school. Other embodiments ofthe present invention provide contactless access control systems with amodular component group that includes at least two active subcomponentswith at least one of the active sub-components implements access controlin relation to mechanical tool access control, monitoring and/orsecurity. Additional embodiments of the present invention provide accesscontrol systems with a modular component group of two or more activesub-components where at least one of the active sub-componentsimplements access control in relation to industrial vehicle accesscontrol, monitoring and/or security.

Yet other additional embodiments of the present invention provide contactless access control systems including a modular component group withtwo or more active sub-components. At least one of the activesub-components implements access control in relation to border control,monitoring and/or security. In such systems, the border may be, but isnot limited to, a national border, a company border or propertyboundary, or a logical border such as a group of computers.

This summary provides only a general outline of some embodimentsaccording to the present invention. Many other objects, features,advantages and other embodiments of the present invention will becomemore fully apparent from the following detailed description, theappended claims and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the various embodiments of the presentinvention may be realized by reference to the figures which aredescribed in remaining portions of the specification. In the figures,like reference numerals are used throughout several to refer to similarcomponents. In some instances, a sub-label consisting of a lower caseletter is associated with a reference numeral to denote one of multiplesimilar components. When reference is made to a reference numeralwithout specification to an existing sub-label, it is intended to referto all such multiple similar components.

FIG. 1 depicts an access control system known in the art;

FIG. 2 illustrates an access control system in accordance with one ormore embodiments of the present invention;

FIG. 3 illustrates an access control grouping in accordance with one ormore embodiments of the present invention;

FIG. 4 illustrates another access control grouping in accordance withone or more embodiments of the present invention;

FIG. 5a is a first portion of a flow diagram illustrating a method inaccordance with one or more embodiments of the present invention;

FIG. 5b is a second portion of the flow diagram of FIG. 5a ; and

FIG. 6 is a modular access control device in accordance with one or moreembodiments of the present invention.

DETAILED DESCRIPTION

The present invention is related to systems and methods for providingsecurity, and in particular to systems and methods for controlled accessusing distributed access control system.

One or more embodiments of the present invention provide methods fordecentralized access control. As used herein, the term “decentralizedaccess control” refers to any access control system where one or morefunctions of a deployed access control module are not controlled by acentralized access control distribution system, or where the accesscontrol module is not wired to a centralized access control distributionsystem. In some cases, the access control modules are completely standalone and operate on battery power such that there is no wiringrequirement when deploying the access control module. In various cases,the devices may be wirelessly coupled to a centralized system, andoperate on battery control. Thus, only minimal installation requirementsexist when deploying the access control module.

The aforementioned methods include providing an access control modulethat is capable of operating at least two carrier frequencies. Inaddition, two or more access credentials are provided that operate atone or more of the carrier frequencies. As used herein, the term“credential” refers to any portable device that includes informationuseful in completing a transaction. Thus, for example, a credential maybe a smart card with information allowing a user of the credential toaccess an access point. Such credentials may be, but are not limited to,credit cards, debit cards, access control cards, smart cards, cellulartelephones, personal digital assistants, and/or the like. Suchcredentials may be capable of communicating via a magnetic stripe, aradio frequency interface, a wired interface, an optical interface,and/or the like. Based on the disclosure provided herein, one ofordinary skill in the art will recognize a variety credentials andmechanisms for facilitating communications between credentials andaccess control modules. As used herein, the term “access credential” isa particular type of credential that is capable of, but not limited to,providing access via an access point.

In some instances of the methods, the access control module includes abase portion and an update portion. As used herein, the term “baseportion” is used to mean a part of the access control module that can bemated to another portion of the access control module, and that isgenerally in a fixed deployment. As used herein, the term “updateportion” is used to mean any part of the access control module that canbe mated to another portion of the access control module, and that canbe removed and replaced with relative ease compared to a correspondingbase portion. In some cases, the aforementioned methods includemodifying the functionality of the access control module by replacingthe update portion with another update portion. Thus, for example, inone particular case, the update portion includes a hardware selectorthat selects between sets of instructions that are executed by theprocessor. As another example, the update portion includes a processorand/or a computer readable medium used to affect the operation of theaccess control module.

In various instances of the aforementioned methods, the access controlmodule includes a processor and a computer readable medium. In suchinstances, the computer readable medium includes a set of instructionsexecutable by the processor. Such instructions may be formed as, forexample, computer executable software. In such instances, the methodsmay include updating the access control module by reprogramming thecomputer readable medium to include a different set of instructionsexecutable by the processor. This reprogramming may be done by, but isnot limited to, wirelessly communicating with the access control modulevia the first carrier frequency, wirelessly communicating with theaccess control module via an infrared link, and electricallycommunicating with the access control module via a wired link.

In some cases, one of the access credentials operates at a carrierfrequency or group of carrier frequencies different from that of anotherprovided access credential. In various cases, the access control moduleis deployed near an access point. Such an access point may be, forexample, a door or other apparatus used to control access. In somecases, the access control module is wirelessly coupled to a centralizedcontrol system, and the centralized control system indicates a pluralityof access credentials that are authorized to access the access point. Inone or more cases, the methods effectuate a credential migration. Thiscredential migration may include replacing one provided accesscredential with another access credential. In one particular embodimentof the present invention, a control reader in accordance with one ormore embodiments of the present invention operates at two distinctcarrier frequencies, 125 KHz and 13.56 MHz. This multiple frequencyapproach may, among other things, provide for transitioning systems fromone generation of control to another. Thus, as an example, where accesscontrol is initially provided at 125 KHz, new processes of accesscontrol can be supported at 13.56 MHz until the new processes of accesscontrol are fully implemented and the 125 KHz processes can then beended.

Other embodiments of the present invention provide access controldevices. Such access control devices include an access control modulewith a base portion and an update portion. The update portion iselectrically coupled to the base portion via a detachable electricalconnector, and operation of the access control module is based at leastin part on an interaction between the base portion and the updateportion. In some cases, such access control devices can be stand alonedevices, while in other cases such access control devices may becommunicably coupled to a centralized control system. For purposes ofthis document, the term “communicably coupled” is used in its broadestsense to mean any coupling or link between two endpoints that allows forcommunication there between. Thus, for example, communicably couplingmay include, but is not limited to, a contactless coupling such as aradio frequency, sound or optical link; a physical link such as a wiredlink; and/or the like.

Turning to FIG. 1, a known access control system 100 is illustrated.System 100 includes access control devices 140 associated withrespective access points 150, and electrically wired to a central accesscontrol 120. When access point 150 is to be opened, access controldevice 140 sends an electrical signal to operate the associatedactuator. Further, system 100 includes a central access control 120wired to the access control devices 140 and access points 150. Centralaccess control 120 is associated with a credential production system 110that is capable of creating one or more credentials capable of actuatingone or more of access controls 140. This programming is done based oninformation from an access control database 130. In a typical scenario,central access control 120, credential production system 110, and accesscontrol database 130 are maintained by the security department of acompany. The security department maintains access control database 130as a list of all personnel authorized to enter company premises. Apersonnel may report to the security department and request anappropriate access credential. The access information associated withthe person is gathered from access control database 130 and programmedinto a blank access credential using access credential production system110. This programmed access credential can then be used by the person toaccess one or more of access points 150 through presentation torespective access control devices 140.

Turning to FIG. 2, an access control system 200 in accordance with oneor more embodiments of the present invention is described. Accesscontrol system 200 includes a central access control device 210 that iscommunicably coupled to one or more access control modules 230 and/oraccess points 240 via a wireless communication network 220. Wirelesscommunication network 220 may be any type communication network thatdoes not require an electrical connection physically connecting centralaccess control device 210 with access control modules 230. In operation,a user presents a credential to one of access control modules 230 thatin tum actuate a locking mechanism associated with respective accesspoints 240 to allow access via the access point. In some cases,information derived from the credential by the access control module istransferred to central access control device 210 where a look upfunction is performed. This lookup function includes accessing an accesscontrol database 215 to determine whether a credential presented at agiven access control module 140 is authorized for accessing the accesspoint 240 associated with the access control module 140. A messageindicating the authorization status may be sent from the central accesscontrol 210 to the accessed access control module 140. Where theauthorization is positive, the access point 150 associated with theaccess control module 140 is opened to allow access.

Turning to FIG. 3, an access control grouping 300 in accordance with oneor more embodiments of the present invention is presented. Grouping 300includes an access control module 310 capable of querying variouscredentials 350, 360 at different carrier frequencies. In operation, acredential 350 transmits information to access control module 310. Thisinformation is received at a receiver that is determines the carrierfrequency at which credential 350 is transmitting. In this case, it is acarrier frequency associated with a channel A 320 of access controlmodule 310. Channel A 320 syncs to the incoming information and passesat least portions of the information to a processor 330 executinginstructions retrieved from memory 340. Where the information issufficient to authorize access, access control module 310 actuates anaccess point to which it is associated.

Similarly, when credential 360 is presented, access control module 310determines the carrier frequency at which credential 360 istransmitting. In this case, it is a carrier frequency associated with achannel B 322 of access control module 310. Channel B 322 syncs to theincoming information and passes at least portions of the information toprocessor 330. Where the information is sufficient to authorize access,access control module 310 actuates an access point to which it isassociated.

Turning to FIG. 4, an access control grouping 400 in accordance withvarious embodiments of the present invention is presented. Grouping 400includes an access control module 410 capable of querying credentials460 at different carrier frequencies. In this case, credential 460 iscapable of operation at multiple carrier frequencies, and can thuscommunicate with access control module 410 via one or both of a channelA 420 or a channel B 422. In operation, credential 460 transmitsinformation to access control module 410 via one access frequency. Thisinformation is received at a receiver that determines the carrierfrequency at which credential 460 is transmitting. Where access controlmodule 410 is capable of receiving at that frequency information fromcredential 460 is received, otherwise access control module 410 fails toacknowledge and credential 460 switches to another carrier frequency andthe process is repeated until either no other carrier frequencies aresupported by credential 460 or a mutually acceptable carrier frequencyis identified.

Once the mutually acceptable carrier frequency is identified, a channel420, 422 associated with the identified carrier frequency is selected.In either case, the selected channel 420, 422 receives the informationand passes it to a processor 430 executing instructions maintained in amemory 440. Where the information is sufficient to authorize access,access control module 410 actuates an access point to which it isassociated.

A programming interface 450 is also included in access control module410. Programming interface 450 provides a vehicle for communicatingupdated instructions executable by the processor to memory 430. Inaddition, a programmer 470 is associated with access control group 400.Programmer 470 is capable of reading and writing memory 430 viaprogramming interface 450. In one particular case, memory 440 is anEEPROM, and programmer 470 is an EEPROM reader/writer. In anotherparticular case, memory 440 is a flash memory, and programmer 470 is aflash memory reader/writer. Further, a link 480 between programmer 470and programming interface 450 may be wireless or wired. In some cases,link 480 is an infrared link and interface 450 via an infraredinterface. Based on the disclosure provided herein, one of ordinaryskill in the art will recognize a variety of interfaces and/or linksthat can be used in accordance with embodiments of the presentinvention. In some cases, programming interface 450 may be removablycoupled to memory 440 or an interface thereto. Thus, a dongle may beattached to access control module 410 that allows for programming themodule. In one or more cases, reprogramming access control modulerequires cycling power, while in other cases reprogramming can beachieved without cycling power.

Various embodiments of the present invention provide a contactless smartcard access control reader that can easily be re-programmed in the fieldwith firmware updates without removing access control module from itsinstalled position on a wall or mullion. In some cases, thisreprogramming can be achieved by removing an update portion of theaccess control module from a base portion of the same access controlmodule to expose programming interface 450.

In some cases, programming interface 450 is associated with acommunication adapter. This communications adapter may consist of arelatively small PCB that contains the following functionality: (1) aninfrared interface, (2) several momentary switches, (3) a particularpersonality circuit, (4) and the circuitry associated with programming amicrocontroller in the base assembly. As will be appreciated by one ofordinary skill in the art upon reading this disclosure, several possiblestructural and functional variations to the communications adapterexist. Some of these variations include, but are not limited to, ahardware programming, USB, serial or cellular phone interface. Any ofthese interfaces could be used through a personal digital assistant(PDA), or other portable computing device to program, load keys,download data or program the access control module in its installedposition on a wall, mullion, or other hardware.

Turning to FIGS. 5a and 5b , flow diagrams 500, 501 illustrate a methodin accordance with one or more embodiments of the present invention forperforming a credential migration. Following flow diagram 500,credentials are issued that work on a first channel (block 503) and asecond channel (block 506). In one case, the first credential is issuedand is used for a substantial period of time before the secondcredential is issued. In such a scenario, the second credential may beissued to replace the first credential. In addition, a transactiondevice capable of reading one or both of the credentials via differentchannels is deployed (block 509). This deployment can include, but isnot limited to, installing the transaction device at an access point.This transaction device can be, for example, an access control reader.

A user presents the first credential at the deployed transaction deviceand information from the first credential is transferred to thetransaction device (block 512). As previously described, thisinformation transfer can be achieved in a variety of ways includingwired, wireless, magnetic stripe, and/or other ways. Thus, based on thedisclosure provided herein, one of ordinary skill in the art willappreciate a myriad of ways in which information from the firstcredential can be passed to the transaction device. Next, the receivedinformation is utilized to determine if the credential is sufficient toactuate the transaction device (block 515). This can include, forexample, determining if the information from the first credential issufficient to allow access via an access point associated with thetransaction device. Where the information is sufficient (block 515), thetransaction device is actuated (block 518). Otherwise, the transactiondevice is not actuated and any request is declined (block 521).

It is then determined if the transaction device is to be updated (block524). Thus, for example, it may be determined whether a software upgradehas been installed via a programming interface, whether a new updatemodule has been installed that affects the operation of the transactiondevice, or the like. Where no update has occurred (block 524), theprocess of receiving only the first access credential is repeated(blocks 512-521).

Alternatively, where an update is to occur (block 524) and the update isto program the transaction device to operate on two channels, a programis received at the transaction device that enable operation on twodifferent channels (block 527). As will be appreciated by one ofordinary skill in the art upon reading this disclosure, the program canbe updated to the transaction device using one of a variety ofapproaches including, but not limited to, programming via a programminginterface, or by changing update modules such that a different programis executed. Once this program is received and updated such that it isbeing executed by the transaction device, it is possible for thetransaction device to operate in relation to both the first and secondcredentials (block 530).

Following flow diagram 501, it is determined whether a presentedcredential is authorized to actuate the transaction device (block 550).Again, this determination can be based on information provided fromeither the first credential or the second credential. Where theinformation from the presented credential is sufficient to actuate thetransaction device (block 550), the transaction device is actuated(block 553). Otherwise, the transaction device is not actuated and anyrequest is declined (block 556).

In addition, it is determined if the transaction device is to be updated(block 559). Thus, for example, it may be determined whether a softwareupgrade has been installed via a programming interface, whether a newupdate module has been installed that affects the operation of thetransaction device, or the like. Where no update has occurred (block559), the process of receiving information from both the first andsecond credentials is repeated (blocks 530-556).

Alternatively, where an update is to occur (block 559) and the update isto program the transaction device to operate on a single channelassociated with the second credential, a program is received at thetransaction device that enable operation on the appropriate channel(block 562). Again, as will be appreciated by one of ordinary skill inthe art upon reading this disclosure, the program can be updated to thetransaction device using one of a variety of approaches including, butnot limited to, programming via a programming interface, or by changingupdate modules such that a different program is executed. Once thisprogram is received and updated such that it is being executed by thetransaction device, it is possible for the transaction device to operatein relation only to the second credential (block 565).

It is determined whether a presented second credential is authorized toactuate the transaction device (block 568). Again, this determinationcan be based on information provided from the second credential. Wherethe information from the presented credential is sufficient to actuatethe transaction device (block 568), the transaction device is actuated(block 571). Otherwise, the transaction device is not actuated and anyrequest is declined (block 574).

Turning to FIG. 6, a modular access control device 600 in accordancewith one or more embodiments of the present invention is illustrated.Modular access control device 600 includes a base portion 610 and anupdate portion 620. Base portion 610 includes mounting holes 640 and anelectrical connector 630 that is matable to a corresponding electricalconnector (not shown) an update portion 620. In operation, updateportion 620 snaps onto base portion 610 that is mounted to a wall orother hardware. In this assembled configuration, electrical connector630 is attached to the corresponding electrical connector on updateportion 620. In some cases, update portion 620 snaps to base portion610, while in other cases update portion 620 is screw mounted onto baseportion 610. Based on the disclosure provided herein, one of ordinaryskill in the art will appreciate a variety of methods for attachingupdate portion 620 to base portion 610.

Among various advantages, the modularity of modular access controldevice 600 facilitates a simple method for updating the functionality byreplacing an existing update module with another update module. In somecases, this updating can be achieved without requiring any rewiring,total system replacement, and/or other costly procedures. In some cases,update module 620 includes a processor and computer readable medium,while in other cases it is limited to a selector contact that selectsbetween software already loaded in a computer readable medium associatedwith base module 610. In one particular case, update portion 620 andbase portion 610 each include a printed circuit board (PCB). The accesscontrol can be designed such that the PCB in update portion 620 and thePCB in base portion 610 are electrically coupled via electricalconnector 630. In such a situation, the PCB (including componentsmounted thereon) associated with base portion 610 provide for a baselinefunctionality, and the PCB (including components mounted thereon)associated with update portion 620 provide for additional functionality.As one particular example, an update portion with only an infraredinterface may be replaced by an update portion with both an infraredinterface and a keypad interface. Several possible structural andfunctional variations to the base portion will be recognized by one ofordinary skill in the art based on the disclosure provided herein. Thesevariations include, but are not limited to, any feature currentlypartitioned into the cover assembly. Examples of such variations includebut are not limited to keypad, LCD, USB, CAN and/or TCPIP connectivityinterface electronics. Also, several possible structural and functionalvariations to the cover assembly will be recognized by one of ordinaryskill in the art based on the disclosure provided herein. Thesevariations include, but are not limited to, any feature that may beintegrated into a proximity access control reader. Examples of suchvariations include but are not limited to keypad, LCD, USB, CAN and/orTCPIP connectivity interface electronics. In addition, but again notlimited to, it is also possible to include antennas, tuning networks,and appropriate RF reader electronics for other frequency reader systemsincluding but not limited to 125 KHz, 433 MHz, 800 MHz, 900 MHz and/or2400 MHz.

Various embodiments of the present invention include a personalitydetection system operable to detect what type of update portion isinstalled on the base portion, and to use this information to configurea processor associated with the base portion appropriately for theapplication. Further, some embodiments of the present invention providea contactless smart card access control module that implements a tamperdetection scheme capable of determining when the cover has been removedfrom the module. This tamper detection scheme can be configured to senda message to the host controller and/or sound an alarm at the accesscontrol module.

As just one of many examples illustrating advantages of one or moreembodiments of the present invention, an access control module that thatlacks keypad functionality is in service in the field. The user of theaccess control module decides that they would like to convert the readerfrom a non-keypad to a keypad reader. An installer or service technicianis sent to the site where the reader is in use. The installer removesthe update portion from the access control module and installs a newupdate portion that includes the keypad functionality. This process mayor may not include using the communications adapter tore-flash thefirmware in the reader. After the new update portion is installed on tothe base portion, assembly, a processor associated with the accesscontrol module detects the new update portion in relation to the baseportion and configures itself as a keypad installed access controlmodule.

The processor then resets and begins the normal operation mode for thephysical access control module. In an embodiment, this includes pollingfor two or more different types of transponders within the field of thereader. At a predetermined period, the processor turns on the RFinterface, waits for the hardware to settle, either sends a poll or notdepending on the type of transponder it is searching for, then checksthe output of the receiver to determine if a transponder is in the fieldand responding. If a transponder is in the field and responding, theprocessor then carries out all of the steps to read or write the datafrom or to the transponder. Once this operation is completed, theprocessor formats the data appropriately and sends it to the hostcontroller.

In addition to polling for a tag, the access control module can beconfigured to operate in a “pass-through” mode. In this mode, the accesscontrol module is controlled by a host computer through the serial port.The access control module simply performs any command the hostcontroller sends to it and responds with the appropriate messageaccording to the serial protocol for the access control module.

The access control module may also contain several other features suchas LEDs and a beeper that can be controlled by the host controllerthrough hardware lines or through the serial protocol. The hardwarecontrol lines are normally pulled-up in the reader and are active low.When the host pulls the line low, the processor detects this state andactivates the appropriate feature as it is configured. These controlsinclude but are not limited to green and red led and beeper. Anotherfeature included in one or more embodiments of the present invention canbe employed to extend the physical cable distance employed between thehost and reader is the use of an analog to digital converter on themicrocontroller to detect the host activation of a control line. Sincelong cable lengths can result in the host being unable to pull the linebelow the digital threshold on the processor I/O line, one or moreembodiments of the present invention employ the use of an A/D channel inlieu of a digital I/O line. This allows the activation threshold for thecontrol line to be programmable and configurable resulting insignificantly longer cable runs between the host computer and reader tobe successfully detected.

In one particular embodiment of the present invention, a con tactlessaccess control reader with a base portion and an update portion isprovided. In this particular embodiment, and without limiting anypreviously described embodiments, the base portion includes a PCB pottedinto a piece of plastic which contains the following functionality: (1)the contactless card communications engine and security functions, (2)reader to host controller interface circuitry, and (3) the readermicrocontroller and all associated functionality. The update portionincludes a PCB potted into a piece of plastic which contains thefollowing functionality: (1) one or more antennas and associated tuningcircuits, (2) additional analog front end circuitry, (3) LEDs, and (4) apart of the personality detection scheme. The update portion may alsoinclude: (1) an infrared interface, (2) several momentary switches, and(3) the circuitry associated with programming a microcontroller in thebase portion.

In another particular embodiment of the present invention a contactlesssmart card access control module that implements an automaticsoftware-based addressing scheme via an RS-485 network, or some othernetwork. This scheme could allow a group of modules on a network to beautomatically assigned addresses when first connected to a new hostcontroller. Addressing the modules through software simplifies theinstallation procedure as well as keeps the cost of the modules lower byeliminating the need for a hardware switch or switch bank in the reader.Additional embodiments of the present invention provide a con tactlesssmart card access control module that can easily accept a communicationadapter for the purpose of programming or configuring the reader. Thiscommunication adapter can be plugged into the base reader unit while itis still mounted in its service position on the wall or mullion. Thecommunication adapter will include infrared communication capability sothat a personal data assistant with an infrared interface can be usedtore-flash, configure or load keys into the module.

In an installation scenario compatible with one or more embodiments ofthe present invention, the components and sub-components of an accesscontrol module are installed as follows. First, the base assembly iswired into the existing building wiring at the reader installationlocation and the base assembly is mounted to the wall or mullion usingscrews. The base assembly contains a male PCB interconnect header. Thisheader is visible and accessible through an open window on the exposedfront surface of the base assembly. Second, the back of the coverassembly is potted with a rectangular shaped cavity recessed into thepotting. In this cavity, there is a mating female PCB interconnectheader. The cover assembly is snapped onto the base assembly and duringthis process, the female connector in the cover assembly engages themale connector in the base assembly. This connector mating provides theinterconnect of all of the circuits that are distributed between thebase and cover assemblies. The communications adapter subassembly can beattached to the base assembly if the cover assembly is removed. Thefemale header connector on the communications adapter board is the sameas that found on the cover assembly PCB. Before installing or afterremoving the cover assembly, a technician can install the communicationsadapter by mating the connector on the communications adapter to theexposed connector on the base assembly.

The portable PDA or programmer assembly can then interact with the baseassembly through the infrared port on the PDA. A program running on thePDA allows several operations with the electronics on the base PCB.These operations include but are not limited to configuration or readerbehavior, loading keys to the reader, addressing the reader for anRS-485 bus, downloading data from the reader and flashing the readerwith new firmware.

It should be noted that the aforementioned installation approach islimited to particular types of access control modules as disclosedherein, and that there are several alternative variations to theaforementioned approach useful based on the particular embodiment ofaccess control module discussed herein. The variations may include, butare not limited to, repartitioning the electronics/functionality in anyway to change the features that are included in the base, cover andcommunications adapter assemblies. For example, it may be possible toinclude all of the functionality on the communications adapter into thebase assembly thus eliminating the need for the base assembly. Otherpotential variations include adding another operation frequency orprotocol to the functionality of the reader.

In conclusion, the present invention provides novel systems, devices,methods and arrangements for facilitating credential emulation. Whiledetailed descriptions of one or more embodiments of the invention havebeen given above, various alternatives, modifications, and equivalentswill be apparent to those skilled in the art without varying from thespirit of the invention. Therefore, the above description should not betaken as limiting the scope of the invention, which is defined by theappended claims.

What is claimed is:
 1. A method for providing radio frequencyidentification access control, the method comprising: providing anaccess control module, wherein the access control module is capable ofinteracting at a first frequency and a second frequency; providing anaccess credential operable at the first frequency and at the secondfrequency; communicating data from the access credential to the accesscontrol module at the first frequency; determining within the accesscontrol module whether the data was communicated using the firstfrequency or the second frequency; if the access control module iscapable of receiving at the first frequency, acknowledging receipt ofthe data to the access credential; where the data received is sufficientto authorize access, granting access by the access control module to anaccess point;. wherein if the access control module is not capable ofreceiving at the first frequency, the method further comprises:communicating the data from the access credential to the access controlmodule at the second frequency; determining within the access controlmodule the frequency at which the data was communicated; if the accesscontrol module is capable of receiving at the second frequency,acknowledging receipt of the data to the access credential; and wherethe data received is sufficient to authorize access, granting access bythe access control module to the access point.
 2. The method of claim 1,wherein where the data is insufficient to authorize access, denyingaccess by the access control module to the access point.
 3. The methodof claim 1, wherein the access control module is deployed locally to theaccess point.
 4. The method of claim 1, wherein the first frequency is125 KHz and the second frequency is 13.56 MHz.
 5. The method of claim 1,wherein granting access by the access control module includes actuatinga locking mechanism of a door.
 6. The method of claim 1, wherein theaccess control module includes a base portion and a first updateportion, and wherein the method further comprises updating the accesscontrol module by replacing the first update portion with a secondupdate portion.
 7. An access control system comprising: an accesscredential operable to transmit data at a first frequency and a secondfrequency; an access control module including a processor and a computerreadable medium, wherein the computer readable medium includesinstructions executable by the processor to: determine the firstfrequency at which the data from the access credential is transmitted;if capable of receiving at the first frequency, acknowledge receipt ofthe data to the access credential; if not capable of receiving at thefirst frequency, determine the second frequency at which the data fromthe access credential is transmitted; if capable of receiving at thesecond frequency, acknowledge receipt of the data to the accesscredential; and where the data is sufficient to authorize access, grantaccess to an access point.
 8. The access control system of claim 7,wherein the first frequency is 125 KHz and the second frequency is 13.56MHz.
 9. The access control system of claim 7, wherein the computerreadable medium further includes instructions executable by theprocessor to deny access where the data is insufficient to authorizeaccess.
 10. The access control system of claim 7, wherein the accesscontrol module is deployed locally to the access point.
 11. The accesscontrol system of claim 7, wherein the access point is a door.
 12. Theaccess control system of claim 7, wherein the access control moduleincludes a base portion and a first update portion, and wherein theaccess control module is updatable by replacing the first update portionwith a second update portion.